Latest from Harvard Business Review
Harvard Business Review
5 days ago
- Business
- Harvard Business Review
Accelerating Data-Driven Transformation in the Hybrid Cloud
Download the Report Even in the hypervelocity of the digital age, caution often dictates enterprise decision making. Organizations will intelligently test the waters and evaluate technology before investing millions of dollars in talent and infrastructure to become more data driven. But the test won't focus solely on whether data can be well managed in the cloud—these days, that's a given—although it's not without complexity. Less obvious is whether the organization stands ready to integrate data from disparate sources and exploit a bounty of insights.
Harvard Business Review
5 days ago
- Business
- Harvard Business Review
Navigating the Generative AI Landscape
Download the report As the dust settles from the initial excitement and frenzy about generative AI (gen AI), a clearer picture of the tangible benefits to organizations is developing. Companies regionally—in North America, Europe, Latin America, and Asia Pacific (APAC)—are taking stock of lessons learned from early investments in gen AI infrastructure and capabilities, and it is now commonly accepted that harnessing gen AI can enhance customer interactions, reduce costs, improve data-driven decision making, and drive productivity.
Harvard Business Review
5 days ago
- Business
- Harvard Business Review
Empower Your Workforce by Optimizing Your Digital Workplace
Through the widespread adoption of digital devices, almost every enterprise today is a digital workplace. That makes it critical for every organization to consider the digital employee experience (DEX) it gives its workforce. Forward-thinking business leaders recognize they can drive innovation and productivity by empowering their workforce with an optimal DEX: a digital infrastructure that operates as seamlessly and intuitively for employees as the technology they rely on in their personal lives. But just as every organization has unique motives for optimizing the digital workplace, every organization also faces unique challenges that can impede its digital ambitions. In a recent report by TeamViewer and Bloomberg Media, business leaders said their most pressing needs for transforming their business through a digital workplace strategy include increasing revenue and productivity. Barriers to the Digital Workplace Even with strong ambitions to boost revenue and productivity through digital transformation, many organizations face persistent barriers. Legacy infrastructure, siloed systems, and fragmented tools often stand in the way of real progress. Survey respondents noted that their efforts to modernize are frequently slowed by the complexity of integrating new technologies into outdated environments. When organizations trap their teams in silos, they may inadvertently pay unnecessary expenses due to tool and license fragmentation. This can disrupt productivity, potentially increasing software and machinery downtime, workforce friction, and vulnerability to cyberthreats. And when a digital workplace isn't working, its people—and its business growth—may be suffering. Benefits of Enhancing DEX To optimize the digital workplace in a way that both enhances DEX and grows revenue, organizations need to equip their infrastructure with easy-to-use technology that simplifies organizational complexity and builds efficiency, allowing them to manage their growing device and machinery fleets and scale their business securely. An effective digital workplace platform must be sufficiently robust to handle organizational complexity. It must be easy and intuitive for IT teams to use so they can monitor workplace devices, detect anomalies, and remediate issues in advance. And if issues arise that hurt productivity, the IT team can connect remotely on demand to troubleshoot. In a range of sectors as diverse as retail, insurance, and food manufacturing, businesses that optimize their digital workplace can boost their productivity, eliminating silos that trap insights and improving processes and workflows that give their employees a better DEX. Better Troubleshooting, Less Downtime Employees at one organization, RLI Insurance, had struggled with efficiency on several fronts. But the company found several solutions by investing in a DEX solution. • Limited endpoint visibility inhibited RLI's staff from getting accurate experience scores, and inefficient reporting operations made its workforce reluctant to report IT issues. RLI improved productivity by introducing TeamViewer DEX, which now helps track stability, responsiveness, performance, and sentiment. Employees can more easily report issues and the IT team can take greater initiative to solve them. • Overheating devices drained batteries and disrupted productivity. After introducing better troubleshooting tools and processes, the IT team can better monitor devices' heat and battery lives, identifying problematic hardware more quickly and eliminating this source of friction. • Monitoring and validating Microsoft patches to improve system security and scores cost RLI's IT team valuable time and attention. Adopting tools to help it more effectively observe data for its entire fleet, the team can now better understand and prioritize patches, efficiently identifying areas that require its attention and minimizing workforce disruption. Unifying Remote Operations Another example of a smart digital workplace investment is Buehler, a key solution partner for the food and mobility industries that depends on remote operations with a range of geographical challenges. More than 1,000 technicians use remote support software to maintain and commission plants for Buehler's customers. Until recently, the company's customers found its former support software almost impossible to use without specialized IT knowledge. And support sessions with rural areas frequently broke down due to poor internet infrastructure. Buehler implemented a new, enterprise-grade remote connectivity solution called TeamViewer Tensor for its digital service processes. The solution eliminated these barriers and closed geographical distance, because it is easy to use and works in areas with low internet bandwidth. On top of that, the company introduced TeamViewer's augmented reality (AR)-powered software Frontline for real-time video calls, enabling remote expert assistance in case of hardware issues. This way, Buehler could share technical knowledge among employees remotely while reducing its experts' travel, saving time and costs. With faster and more reliable IT troubleshooting, customers experience less infrastructure downtime. AR-supported frontline solutions both boost efficiency and enable technicians to log and trace support sessions—capabilities they need for compliance with the global cybersecurity standards that protect Buehler's employees and customers. Every organization faces a unique set of challenges for enhancing the digital workplace. But with the right digital workplace solutions in place, these businesses can boost productivity, break down silos, and enable, improve, and automate processes and workflows to give employees—and customers—a better digital experience
Harvard Business Review
5 days ago
- Business
- Harvard Business Review
Ensuring Boston Ballet Stays Relevant
Ming Min Hui, executive director of Boston Ballet, is unique in her field. As a young, Asian American woman with a Harvard Business School MBA and a background in finance, she has focused her tenure on ensuring the ballet company stays true to its art form and simultaneously relevant to its times. Hui had worked for eight years at Boston Ballet as chief of staff and chief financial officer before taking the helm. Now leading one of the foremost ballet companies in the United States, she confronted evolving demographics, shifting audience habits, and an increasingly challenging financial environment. Harvard Business School Assistant Professor Edward Chang and Hui join host Brian Kenny to discuss the case Ming Min Hui at Boston Ballet. They explore how she balances the past, present, and future—and how these lessons translate from this nonprofit arts organization to any company, anywhere.
Harvard Business Review
5 days ago
- Business
- Harvard Business Review
Create a Company Culture That Takes Cybersecurity Seriously
In the U.S. alone, the annual damage from cybercrime has increased by 33%, rising to $16 billion in 2024. The vast majority of these breaches are down to human failure, such as misconfiguration of systems and appliances, mishandling of information or storage devices, and manipulation by bad actors. But if the human factor is the weakest link in information security, it's also the area where the right solution can have the biggest impact. Human-centered security approaches offer significant potential for sustainable information security within organizations. It can encourage, for instance, every employee being concerned about secure passwords, suspicious and attentive about possible email threats, sure not to leave their computers unlocked, and careful not to talk about sensitive business issues in public. To achieve this human-driven security culture, companies have to address several challenges. First, awareness alone does not automatically lead to desired behavior. While building awareness is an important step, companies also need to measure actual security behavior and nudge correct behavior, and work toward making collective security behavior part of company culture. Second, while executives play a crucial role in modeling security behavior, chief information security officers who we interviewed expressed difficulty in persuading other senior executives of the value of information security investments and initiatives. And third, an effective information security culture requires a process of continuous improvement and re-evaluation. Without widespread buy-in, that's difficult to achieve. The good news is that there are well-studied behavioral strategies to influence people to act in more prudent and responsible ways. Over the years, we have focused on understanding how individual behaviors, organizational culture, and psychological factors influence cybersecurity practices and decision-making. In this article, we apply Neidert's Core Motives Model (which one of us developed) to guide leaders on positively impacting information security behavior in their organizations through a process of interpersonal influence. It is a psychological framework that ties Cialdini's principles of influence (which another of us developed) to psychological motives and deepens the understanding of why these principles are effective to drive human behavior. Using Influence to Create a More Secure Culture Moving people in a desired direction—and doing so ethically, as well as effectively—hinges on building trust and convincing others of the merits of one's request. That often means overcoming three common hurdles: convincing them it's worth listening to you, that following your request is more beneficial than inaction (or another person's proposal), and that they should act now instead of later. At first blush, getting employees to comply by using psychological, behavioral-based strategies may feel manipulative. But there's an important distinction between ethical influence and manipulation: Leadership is about influencing people to reach common goals and shared purposes via their own volition, rather than through force or coercion. This model is about getting people to act on their own volition. Neidert's Core Motives Model entails three stages to motivate people to reach the desired endpoint: Connect Reduce Uncertainty Inspire Action Each of these help you get past the hurdles of convincing them that you're worth listening to, that following your request is beneficial for them, and that it's important to act now. This approach has been successfully used for over a decade in various organizations of the military and law enforcement in countering cybercrime and terrorism. Its logic aligns closely with observed behaviors of employees in the cybersecurity domain, revealing untapped potential for more intentional application. In a cybersecurity context, the goals are to establish an organization-wide culture of collective security behavior. That means that in order to accomplish compliance in exemplary security behavior, leaders need to be able to build lasting rapport with their workforce and make them feel confident to follow the lead. 1. Connect Before you can credibly lead, you have to connect. In general, people are more likely to follow your requests once (a) they feel they know that you like them, and like you in return, (b) they genuinely consider you as part of their group, and (c) you have provided favors that create a sense of obligation in them. Set the right tone Others say 'yes' when they like you and believe that you like them. When you display openness and approachability, they often mirror it back. For example, researchers found that when managers in sales are likeable and invest in building rapport, their teams perform better and are more likely to hit their targets. In cybersecurity, building rapport through likability and shared understanding with employees across all departments is essential for fostering cooperation and effectively driving organization-wide security initiatives. Consider an experience we had with a client. We were working with two managers, each responsible for different departments, both of whom were trying to get a specific cybersecurity program adopted. One was extremely warm, had a welcoming smile, and, when the program was presented for the first time, allowed time for the audience to ask questions. The other was cold and talked about adopting the program as a fate that none of his department members had control over. There was far greater adoption in the first manager's department than in the second. Encourage unity We're more likely to go the extra mile for someone we consider to be part of our group—and that's true for information security behaviors, too. Of course, building security culture is a shared effort. But it's up to managers to create a sense of being united. One client with whom we worked took a day to gamify the information security education within their team—think of tabletop exercises and escape room games. They used this interactive learning format to simultaneously convey knowledge and bond the employees together. The team left the day not only with more knowledge about how to build a stronger security culture but also with stronger team camaraderie. Build reciprocity There is a pervasive social norm that dictates that if someone gives us something, we feel obliged to give something in return. This norm, called reciprocity, helps build trust and connection. One accepted definition of trust is the willingness to be vulnerable with another party. The rule of reciprocity is especially powerful if the gift is meaningful, unexpected, customized to the recipient, and unrelated to the request you will make from them in the future. Besides favors, the rule also works for concessions that activate a feeling of indebtedness. This means that reducing the severity of one's initial request can also lead people to be more likely to reciprocate in an intended direction. First ask employees to meet an extreme goal and then concede by following it up with a smaller, more achievable goal. For example, initially asking your employees to correctly spot-test phishing e-mails 100% of the time, then making a concession to allow for a lower false hit rate per period, will likely lead to higher average hit rates than asking for the lower rate at the outset. 2. Reduce Uncertainty A firmly established interpersonal connection will convince many people, but not everyone. Some will hesitate because they're unsure about the requested behavior. These people will often look for assurance that a request is reasonable. In some cases, that means looking to those with credible authority for cues on how to think and act. In other cases, it means looking to their peers. Leaders can take two steps to help reduce such uncertainty: use your credible authority and have them see others do it. Use your credible authority You may or may not be an expert in cybersecurity, but you can demonstrate and lean into your credibility. When you as a leader personally instruct your workforce to comply with corporate information security —or even better, participate yourself—you will be more likely to get the desired outcome. For example, in an organization that we advised, the chairman of the board actively participated in a cyber crisis simulation, demonstrating the relevance and seriousness of the matter. His attendance led to more focused behavior by employees during the simulation and sustained behavior afterwards. Have them see others doing it When people are uncertain, they look around them for cues on how to think and act. Leaders can harness this natural response by demonstrating good security behavior themselves, as well as shining a light on how relevant others have adopted these behaviors. For example, instead of only reporting the results of phishing tests to leadership, companies can promote responsible actions by sharing the results across the organization. We recommend focusing on the positive, desired behavior of others, how many did it, and how they achieved it, as a positive reference point is more effective than a negative reference point. 3. Inspire Action Even with an established relationship and reduced uncertainty, people still require nudges to actually act on a request. In order to encourage individuals to leave their comfort zones, they need to be reminded that they have committed to information security behaviors in the past. Therefore, leaders should harness the power of employees' past commitments, like having them accept and sign a corporate information security policy, as a way of obtaining consistent security behaviors in the future. Also, motivators that focus on what is at risk if they don't act and what could be lost when not acting in a timely manner are very effective. Highlight what they might lose (or gain) Opportunities gain value when they are less available or time bounded. This process is further enhanced when individuals see themselves in competition with others, loss-framing has been applied, or they consider the opportunity as being exclusive. For example, Swiss health insurer Helsana used loss-framing by terminating contracts with employees who three times in a row failed to detect the quarterly phishing email awareness tests. Helsana reduced the rate of employee failure from 15% to 3% within five months. This extreme approach, while effective, could be replaced with a gentler, more forgiving one. We recommend installing a security champion program. On a regular basis, employees with a certain information security score are eligible for exclusive recognition, like financial or fringe benefits. Those who do not achieve those scores lose the opportunity for these benefits. Elicit public commitment People want to be consistent. Once they have taken a position or committed themselves to a certain course of action, they tend to live up to it and feel inwardly obliged to behave accordingly. They feel even more behaviorally bound if they have actively, publicly, and voluntarily committed themselves to it. We recommend adding a sentence like, 'I will not click on any suspicious links' or 'I will continuously show alert behavior around phishing' at the end of a cybersecurity training. And regularly remind these employees of their commitment to the organization's information security endeavors by doing something like posting a relevant sticker on their desks or doors. Another idea is to annually have employees sign a code of conduct, preferably in front of bosses and peers, that outlines how to protect the company's information property and assets. . . . Information security practices benefit organizations and all their employees. Organizational cultures have one thing in common: They propose shared values that elicit a sense of belonging together. They give an organization and their workforce an ideological direction with which everybody can identify. Information security is part of a healthy organizational culture. A functioning information security culture will leverage spillover effects of the information security 'we-ness' that keep the culture intact when employees join and also when key personnel leave. To achieve this, a systematic approach to social influence can be used to foster security-compliant behavior and an organizational information security culture that benefits everyone.
